| VID |
18069 |
| Severity |
40 |
| Port |
110 |
| Protocol |
TCP |
| Class |
POP3 |
| Detailed Description |
According to its version number, the MDaemon POP server is affected by the 'DELE' or 'UIDL' buffer overflow vulnerability. MDaemon is a multi-protocol mail server for Microsoft Windows systems, developed by Alt-N Technologies. MDaemon versions 6.0.7 and earlier are vulnerable to a buffer overflow in the POP server, caused by the application's failure to properly check buffer sizes on some POP server commands. By sending a 'DELE' or 'UIDL' command of more than 32 bytes to the server, an authenticated attacker could overflow a buffer and cause the server to crash. MDaemon must be restarted to regain normal functionality.
* Note: This check relies solely on the version number of the remote MDaemon POP server to assess this vulnerability, so it might be a false positive.
* References: http://securitytracker.com/alerts/2003/Apr/1006658.html
* Platforms Affected: Alt-N Technologies, Inc. MDaemon 6.0.7 and earlier; Microsoft Windows, any version |
| Recommendation |
Upgrade to the latest version of MDaemon (7.2.0 or later) or to a version in which the issue is fixed (6.5.0 or later), available from the Alt-N Technologies Web site at http://www.altn.com/download/default.asp?product%5Fid=MDaemon |
| Related URL |
CVE-2002-1539 (CVE) |
| Related URL |
6053 (SecurityFocus) |
| Related URL |
10488 (ISS) |
|